Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2011-2087

Published: 13/05/2011 Updated: 02/06/2011
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Apache

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x prior to 2.2.3 allow remote malicious users to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

apache struts 2.1.4

apache struts 2.2.1

apache struts 2.1.3

apache struts 2.1.2

apache struts 2.0.14

apache struts 2.0.3

apache struts 2.0.2

apache struts 2.0.5

apache struts 2.2.1.1

apache struts 2.0.8

apache struts 2.1.5

apache struts 2.0.12

apache struts 2.1.1

apache struts 2.0.7

apache struts 2.0.0

apache struts 2.0.11

apache struts 2.0.9

apache struts 2.0.11.2

apache struts 2.1.0

apache struts 2.1.8

apache struts 2.1.8.1

apache struts 2.0.4

apache struts 2.0.11.1

apache struts 2.0.6

apache struts 2.0.13

apache struts 2.1.6

apache struts 2.0.10

apache struts 2.0.1

Github Repositories

esgf_scanner

What this is generate_esgfconfsh is a script file from the esgf_scanner repo which is used to generate as output, a configuration file for use with the CVEChecker tool The idea is to be able to auto-generate a manifest for each release, and use that an input to scan for known vulnerabilities When a reported vulnerability is studied and deemed to be addressed, it can then be

cvechecker

What is CVEChecker ? CVEChecker is a tool that aggregates CVE information from Redhat and the NVD vulnerability data feeds, to setup a local vulnerability store that can be queried offline Vulnerabilities can be looked up on the basis of user-specified parameters such as a product name, keywords in the vulnerability description, or the CVEid itself Filters such as --aft

References

CWE-79http://www.vupen.com/english/advisories/2011/1198https://issues.apache.org/jira/browse/WW-3608https://issues.apache.org/jira/browse/WW-3597http://struts.apache.org/2.2.3/docs/version-notes-223.htmlhttps://nvd.nist.govhttps://www.securityfocus.com/bid/47890https://github.com/snic-nsc/esgf_scanner
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3079CVE-2021-4376CVE-2020-36716firewalldosCVE-2023-32784CVE-2021-4344cameraCVE-2021-4356
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook